Recent Posts

Study References

BGP handles over 100,000 routes in the internet and it is doing a very good job in doing so. I tried doing the "show ip bgp" command on our internet router with a Public AS and takes quite a long time to show all the prefixes. I have to hit the space bar a lot of times. You can imagine how much CPU this number of routes will take on the router.

I have read an article that a few months ago, there was one ISP that advertised the whole internet routing table and originated all the routes. A mistake will most likely affect the routers in the internet, or could take the internet down if there are no counter measures done. One more possible thing I can imagine that might happen is that private ip addresses from a customer might be advertised out to the internet if the ISP failed to filter the private address. ( I dunno if this happened before)

Limiting the number of prefixes received from a BGP neighbor is one of the best ways to make sure these mistakes never affect the whole internet. The best practice is to check the number of prefixes received from a neighbor and then give a little allowance on the number of prefixes allowed. R1 on the diagram below is announcing prefixes to R2, let's see what happens if these prefixes reach the limit and what happens if it exceeds the limit.

This time it gave also a notification in R2 and also generated a hexadecimal code. ( I have yet to review what this means :)) Right then and there, when it exceeded the limit R2 dropped the peering to R1. Let's see what the BGP table summary looks like after the violation.

R2#sh ip bgp sumBGP router identifier 10.10.10.2, local AS number 234BGP table version is 203, main routing table version 203

The state is in Idle and included a description (PfxCt) which means the neighbor exceeded the prefix limit set. The peering will only be established once the prefixes goes below the threshold set and "clear ip bgp *" needs to be issued to renegotiate the connection. Again, this command is very useful to protect your own AS from over flooding of prefixes and protect other ASes as well.

By default it will generate a syslog message when its 75% of the limit set. You can also set a threshold if you want for you to be alert of an impending issue. I intend it to be 75% so i dont need to put any value in there.

Post a Comment

Certifications

The Dreamer

A fun loving person who enjoys learning new things. Currently working as a Network Engineer supporting the global network of a Fortune 500 company. This blog serves as my notes for the labs I created for my CCIE journey. I can guarantee there are errors in my posts. If you spot them, please let me know.